Security Basics mailing list archives
RE: Applying Group Policies to selective OUs...
From: "Nick Duda" <nduda () VistaPrint com>
Date: Tue, 3 Jan 2006 12:39:10 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I agree, and not to knock on anyones type of method, but that method can get very ugly and unmanageable when having lots of GPO's. Additionally, you can create security groups for GPO's. It does work, and works well, but it should be should in the rarest of occasions. - - Nick - -----Original Message----- From: Raoul Armfield [mailto:armfield () amnh org] Sent: Thursday, December 29, 2005 2:05 PM To: Jim Gaudet Cc: security-basics () securityfocus com Subject: Re: Applying Group Policies to selective OUs... Jim Gaudet wrote:
The user object, or computer object have to live in the OU. I found it easier to just create a security group, instead of an OU. Then put the members in the group, either user of computer. Then on the GPO, remove the Authenticated Users group, and replace with the security group you just created. Now the GPO will only be applied to this group.
That is funny, having tested this I found that this does not work. You can not apply GPO to security groups or even if you could it becomes an administrative nightmare. The whole point of OUs is to divide your organization into Organizational Units that you can apply policies to. What if someone needs to be part of an security group but does not need to have a certain policy applied to them or vice versa? Raoul - -- Raoul Armfield rarmfield at amnh dot org - --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus - ---------------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQ7q2sVPWeke/vskjEQImXQCgo9ODXjFGy4yXa8s/W1j/kvH4aN4An0yU pLhA74wBo+u2z8pWgxHFEiqk =TqDx -----END PGP SIGNATURE----- Confidentiality note: The information in this email and any attachment may contain confidential and proprietary information of VistaPrint and/or its affiliates and may be privileged or otherwise protected from disclosure. If you are not the intended recipient, you are hereby notified that any review, reliance or distribution by others or forwarding without express permission is strictly prohibited and may cause liability. In case you have received this message due to an error in transmission, please notify the sender immediately and to delete this email and any attachment from your system.
Current thread:
- Re: Applying Group Policies to selective OUs... Raoul Armfield (Jan 03)
- Re: Applying Group Policies to selective OUs... Barrie Dempster (Jan 04)
- <Possible follow-ups>
- RE: Applying Group Policies to selective OUs... Roger A. Grimes (Jan 04)
- RE: Applying Group Policies to selective OUs... Nick Duda (Jan 04)